Building, deploying, and managing mobile and web apps that need real-time or offline data is simple with AWS AppSync, a fully managed serverless GraphQL service. By building GraphQL APIs with AppSync, your apps can securely access and work with data stored in AWS services like Amazon DynamoDB, Amazon Elasticsearch Service, and AWS Lambda.
One of the key benefits of using AppSync is that it allows you to build scalable, responsive applications without the need to manage complex server infrastructure. AppSync handles all of the underlying network and security protocols for you, allowing you to focus on building great user experiences.
In addition to providing real-time and offline data access, AppSync also offers a number of other features that make it a powerful tool for building modern applications. These features include:
⦿ GraphQL Transform: This is a tool that helps you build GraphQL APIs quickly and easily by providing a set of pre-built, customizable GraphQL resolvers.
⦿ Subscriptions: AppSync lets you create subscriptions so that your clients receive updates in real time when certain events occur, such as when data is updated or deleted.
⦿ Data manipulation: AppSync provides a number of powerful data manipulation capabilities, including the ability to create, update, and delete data, as well as the ability to perform complex queries and mutations on data.
⦿ Security: AppSync integrates with AWS Identity and Access Management (IAM), AWS Cognito, and API Keys to provide fine-grained access controls and protect your data from unauthorized access.
Some other key security features of AWS AppSync include:
⦿ Data encryption: All data is encrypted in transit and at rest using industry-standard encryption algorithms.
⦿ Identity and access management (IAM): You can use IAM to control access to your AWS AppSync resources and data.
⦿ VPC Endpoints: You can use VPC Endpoints to securely access your AppSync APIs from within your Amazon VPC, without exposing your APIs to the public internet.
⦿ Resource-level permissions: You can use resource-level permissions to control access to specific GraphQL operations and fields.
⦿ Amazon Cognito authentication: You can use Amazon Cognito to authenticate users and authorize access to your AppSync APIs.
⦿ OAuth 2.0 support: You can use OAuth 2.0 to authenticate users and authorize access to your AppSync APIs.
⦿ Identity federation: You can use identity federation to authenticate users with third-party identity providers, such as Google or Facebook.
1️⃣️ Schema
In AppSync, the schema defines the shape of your data and the operations that can be performed on it. The schema is written in GraphQL, which is a language for querying and mutating data. The schema consists of types, fields, and relationships between those types.
2️⃣ Resolvers
Resolvers are functions that resolve a GraphQL query to a specific data source. When a client issues a query to the GraphQL API, the query is forwarded to the appropriate resolver for handling. The resolver retrieves the requested data from the data source and returns it to the client.
3️⃣️ Mutations
AppSync also allows you to define mutations, which are operations that modify data. Mutations work similarly to queries, but they require a resolver to handle the data modification and return the updated data to the client.
The schema defines the structure of the data and the operations that can be performed on it, while the resolvers handle the actual retrieval and modification of data from the data sources.
For example, consider a schema that has a type called "Post" and fields called "title" and "content". To retrieve the data for a specific Post, you might define a resolver that queries a DynamoDB table for the Post with a specific ID. The resolver would return the Post's title and content to the client as a response to the query. Mutations help you make any update to the title or post.
🎥 Demo
First, let’s create a GraphQL endpoint to retrieve the title and content from the post DynamoDB table.
Step 1: Login to the console and go to AppSync
Step 2: Choose Create with wizard and Create a model. The model should contain the list of fields you want to store and retrieve from the DynamoDB table.
Step 3: Click Create, and on the next screen name your API "My AppSync App API". Click Create. The AppSync console will deploy your DynamoDB table and create your AppSync schema. The schema includes autogenerated queries, mutations, and subscriptions.
Step 4: On the left, you can see the list of tabs such as Schema, Data Sources, Functions, Queries, Caching, Setting and Monitoring.
Schema: The schema defines the types, fields, and operations (queries, mutations, and subscriptions) that clients can execute on the API. The schema is written in the GraphQL schema definition language (SDL) and is used to validate client requests and to drive client-side code generation.
Data Sources: AppSync allows you to connect to various data sources, such as DynamoDB tables, Lambda functions, and Elasticsearch domains, to retrieve and manipulate data in your API. You can also use AppSync's built-in data sources for authentication and authorization.
Functions: AppSync allows you to write custom Lambda functions to perform additional logic or data manipulation before or after data is retrieved from a data source. These functions can be triggered by specific events, such as a client query or mutation.
Queries: Clients can use the GraphQL query operation to retrieve data from the API. AppSync automatically maps the client query to the appropriate data source and resolves any fields in the query that are defined in the schema.
Caching: AppSync allows you to enable caching for specific queries to improve the performance of your API. Cached data is stored in an in-memory cache and is automatically invalidated when the data in the data source is updated.
Setting and Monitoring: AppSync provides a variety of settings and monitoring options that allow you to customize the behavior of your API and monitor its usage. You can set up logging and tracing for debugging and troubleshooting, configure caching and connection pooling, and use CloudWatch for monitoring metrics and log streams.
Let’s go to the Schema tab and look at the schema, resolvers and query that let us fetch the title and content from DynamoDB.
type MyModelType {
  id: ID!
  title: String
  content: String
}

type Query {
  getMyModelType(id: ID!): MyModelType
}
On the right, you can see the Resolvers are set to the Dynamo table.
Now, to query the table by ID, we can go to the Queries tab and run the snippet below to fetch the information:
query DemoQuery {
  getMyModelType(id: "123") {
    id
    content
    title
  }
}
The endpoint uses the API Key to authenticate the requests. With this API Key and the URL, we can also use Postman to try running the query.
Go to the Settings tab to get the credentials.
Now in Postman:
Enter the copied URL and API key, and the query in the Body.
Now in this demo, we have seen how GraphQL fetches the data from DynamoDB. Similarly you can have a different Resolver such as Lambda Function to handle the request.
Securing your AppSync Endpoint
AWS Web Application Firewall (WAF) is a web security service that helps protect web applications from common web exploits that could affect availability, compromise security, or consume excessive resources.
To secure an AppSync endpoint with WAF, you can create a WAF rule and associate it with the AppSync endpoint. The rule can be configured to block or allow traffic based on certain criteria, such as IP address or request headers. This can help protect against common web attacks such as SQL injection, cross-site scripting, and others. Additionally, you can also use WAF to rate-limit requests to the AppSync endpoint to prevent denial-of-service attacks.
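As an added example (not part of the original post), here is one way to express the WAF setup above as a CloudFormation template: a regional web ACL holding a per-IP rate limit and the AWS managed common rule set, associated with the AppSync API. In WAFv2 the rules live inside a web ACL, and it is the web ACL that gets associated with the API. The resource names, metric names, rate limit value and the `AppSyncApiArn` parameter are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example - WAF web ACL in front of an AppSync GraphQL API
Parameters:
  AppSyncApiArn:                    # assumption: ARN of the existing AppSync API
    Type: String
Resources:
  GraphQLWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: appsync-demo-acl        # hypothetical name
      Scope: REGIONAL               # AppSync APIs are regional resources
      DefaultAction:
        Allow: {}                   # allow anything no rule below blocks
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: appsyncDemoAcl
      Rules:
        - Name: rate-limit-per-ip   # blocks a source IP that exceeds the limit
          Priority: 0
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: 1000           # constructed value: requests per 5-minute window
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: rateLimitPerIp
        - Name: aws-common-rules    # AWS managed rules for common web exploits
          Priority: 1
          OverrideAction:
            None: {}                # keep the rule group's own block/allow actions
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: awsCommonRules
  GraphQLWebACLAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AppSyncApiArn
      WebACLArn: !GetAtt GraphQLWebACL.Arn
```

Blocked and sampled requests show up under the CloudWatch metric names set in each `VisibilityConfig`, which is where to check that the rate limit is not catching legitimate clients.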
Conclusion
AWS AppSync is a powerful tool that makes it easy to build, deploy, and manage real-time and offline applications that require data access and manipulation. It supports various use cases from Data Ingestion to pub/sub services.
✍️ About the Author:
Mohamed Fayaz is a Data & AI Consultant and a technical blogger who writes and speaks about topics such as Software Engineering, Big Data Analytics, and Cloud Engineering. Connect with him on LinkedIn or follow him on Twitter for updates.